Lucene search
K

7 matches found

NVD
NVD
added 2026/06/14 12:16 p.m.8 views

CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS0.01353EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/25 10:34 p.m.55 views

Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp library contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the intended download directory. Source-to-Sink Flow 1. SOURC...

9.8CVSS6AI score0.00528EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.3 views

PT-2023-22242 · Debian · Debian

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Dispositio...

4.3CVSS4AI score0.00482EPSS
Exploits2References18
RedHat Linux
RedHat Linux
added 2017/08/01 4:5 p.m.7 views

evince: command injection via filename in tar-compressed comics archive

It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar CBT files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program...

7.8CVSS6.1AI score0.50826EPSS
Exploits9References4
UbuntuCve
UbuntuCve
added 2014/09/18 10:55 a.m.16 views

CVE-2014-2886

GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...

6.8CVSS6AI score0.02193EPSS
Exploits1References4
OSV
OSV
added 2014/09/18 10:55 a.m.5 views

UBUNTU-CVE-2014-2886

GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...

6.8CVSS6.1AI score0.02193EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2014/09/18 10:0 a.m.27 views

CVE-2014-2886

Removed by vendor...

6.8CVSS6.7AI score0.02193EPSS
Exploits1
Rows per page
Query Builder